A sample of projects representing the two major business lines (IT related, and Non-IT related) was subject to the audit. The sampled projects were: SEC-TASK 4 (Cyberwatch) and SEC-TASK 1 (NYRO). Also included were two support functions, Quality Assurance, and Supplier Agreement Management.

Appraisal Description

Last Day of Appraisal Onsite:

Mar 03, 2017

Appraisal Expiration Date:

Mar 03, 2020

Appraisal Method Used:

SCAMPI V1.3 A

Model Information:

CMMI-DEV v1.3

Sampling Summary

Sampling Factors:

Location (Not Relevant: Some projects and services are occurring locally, such as at a headquarters location, or are managed by headquarters-based personnel. Others are occurring in the field and are being managed primarily by field personnel. However, this does not have a notable distinguishing effect on process implementation and performance.)

Customer (Not Relevant: Although each customer tends to have its own preferences relating to details such as progress report formats, information, and frequency, the customer does not have a significant influence on how processes are implemented or performed within the organizational unit.)

Size (Not Relevant: Generally, process performance is consistent, and does not vary significantly due to size. Any variance occurs in accordance with tailoring criteria.)

Organizational Structure (Not Relevant: The organizational unit has a relatively flat management structure. Therefore organizational structure does not cause significant variations in the performance of processes.)

Type of Work: Our sample groupings consist of two types of work: IT and Non-IT. Each project is classified by the type of work we perform for our clients. Process implementation in some processes is driven by the type of work being performed.

Sampling Factor Values:

IT (Type of Work): Projects are categorized, implemented, and managed as “IT” projects, which include all IT-related projects, regardless of size.

Non-IT (Type of Work): Projects are categorized, implemented, and managed as “Non-IT” projects which include all Non-IT related projects, regardless of size.

Subgroups:

IT Related: Provides Information Technology support to the clients. This support could be wide range of services that includes: Basic staff augmentation to a full implementation of a Fusion Center Operations Hub (including Software Development Life Cycle (SDLC) activities).12 People, 2 Basic Units - IT

Non-IT Related: Provides Non-Information Technology support to the clients. This support could be wide range of services that includes: Basic staff augmentation to a full full-range of cyber analytics and engineering activities.8 People, 3 Basic Units - Non-IT